1. Field of the Invention
The present invention relates to secure access technology, and more specifically to a system and method for global access control that provides for physical and logical access control to information technology (IT) systems.
2. Description of the Related Art
Concern over terrorist attacks has necessitated improvements in physical and logical access approaches. However, shortcomings remain that are addressed by this invention. If a person is forced under duress to reveal their Personal ID Number (PIN) and surrender their PIV card, present technology does not allow investigators to easily determine, through a simple search, which systems and facilities the bad actor accessed.
Current physical access control systems (PACS) are typically interoperable only with the vendor's product. Likewise, logical access systems, where users access networks and applications, are typically separated from any physical access control system.
With the requirements emerging from Homeland Security Presidential Directive 12 (HSPD-12) and expanded by FIPS 201, Personal Identity Verification (PIV) cards are required for federal facilities access and for logical access to computing environments. Unfortunately, most of the current PACS facilities devices are based on wire or fiber technology and lack any integration with logical access systems.
Concurrent with the deployment of the PIV cards are advancements in, and availability of, secure wireless technologies. Most of the facilities access points will be based on contactless technology. Typical approaches include large panels that control a limited number of entry point devices. For facilities designated as historic, stringing cable along walls might be detrimental, so such facilities are candidates for wireless connections.
Thus, a system having a wireless option that uses existing technology to quickly meet the HSPD-12 and FIPS 201 requirements would be highly desirable. Under such a novel system, significant costs associated with installing control panels and cable would be eliminated for most installations.
One major obstacle preventing integration of various vendor approaches is the lack of a standard device representation. For example, the basic Internet Protocol (IP) uses 32-bit addresses, thereby resulting in a limitation of 4,294,967,296 addresses. In contrast, IPv6 uses a 128-bit address, resulting in approximately 34E36 (34 followed by 36 zeros) addresses. Because the Office of Management and Budget (OMB) issued M-05-22, which requires federal agencies to migrate to IPv6, it is envisioned that every computer in the Federal space will be assigned an IPv6 address. Yet, to date, access control devices having limited addressing remain the standard.
Moreover, by having a unique address for every physical access control device and every computing asset, access controls can be harmonized across different vendor spaces, including between logical and physical access control systems.
International Patent No. WO 2004070664, published Aug. 19, 2004, discloses a method of making a key-shaped security module, but unlike the present invention, apparently does not disclose an IPv6 addressing scheme for the module or the module's reader.
Thus, an access control system utilizing an addressing scheme, such as IPv6, capable of uniquely addressing every physical access device, machine and the like is still sought after.
None of the above inventions and patents, taken either singly or in combination, is seen to describe the instant invention as claimed. Thus, a system and method for global access control solving the aforementioned problems is desired.